""ET TROJAN W32/SCKeyLog.InfoStealer Installation Confirmation Via SMTP""

SID: 2014354

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2012_03_09, updated_at 2014_12_05

Reference:

• md5

• cc439073eeb244e6bcecee8b6774b672

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 25

Flow: established,to_server

Contents:

• Value: "Subject|3A 20|Installation of SC-KeyLog on host"

Within:

PCRE:

Special Options:

• nocase

source